Sign Up
Log In
Sign Up
Username:
*
Email:
*
Password:
*
Password confirmation:
*
or
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Games:steam:SLE-15-SP3
SDL
CVE-2019-7574.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-7574.patch of Package SDL
diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c index b6c49de..2968b3d 100644 --- a/src/audio/SDL_wave.c +++ b/src/audio/SDL_wave.c @@ -334,7 +334,7 @@ static void Fill_IMA_ADPCM_block(Uint8 *decoded, Uint8 *encoded, static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) { struct IMA_ADPCM_decodestate *state; - Uint8 *freeable, *encoded, *decoded; + Uint8 *freeable, *encoded, *encoded_end, *decoded; Sint32 encoded_len, samplesleft; unsigned int c, channels; @@ -350,6 +350,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) /* Allocate the proper sized output buffer */ encoded_len = *audio_len; encoded = *audio_buf; + encoded_end = encoded + encoded_len; freeable = *audio_buf; *audio_len = (encoded_len/IMA_ADPCM_state.wavefmt.blockalign) * IMA_ADPCM_state.wSamplesPerBlock* @@ -365,6 +366,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) while ( encoded_len >= IMA_ADPCM_state.wavefmt.blockalign ) { /* Grab the initial information for this block */ for ( c=0; c<channels; ++c ) { + if (encoded + 4 > encoded_end) goto invalid_size; /* Fill the state information for this block */ state[c].sample = ((encoded[1]<<8)|encoded[0]); encoded += 2; @@ -387,6 +389,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) samplesleft = (IMA_ADPCM_state.wSamplesPerBlock-1)*channels; while ( samplesleft > 0 ) { for ( c=0; c<channels; ++c ) { + if (encoded + 4 > encoded_end) goto invalid_size; Fill_IMA_ADPCM_block(decoded, encoded, c, channels, &state[c]); encoded += 4; @@ -398,6 +401,10 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) } SDL_free(freeable); return(0); +invalid_size: + SDL_SetError("Unexpected chunk length for an IMA ADPCM decoder"); + SDL_free(freeable); + return(-1); } SDL_AudioSpec * SDL_LoadWAV_RW (SDL_RWops *src, int freesrc,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Contact
Support
@OBShq
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
